Glossary

This glossary is intended to provide practical definitions of terms to help you understand how they are used in threat modeling and in this book. I have aimed for clarity, consistency, and brevity.

I have tried to be clear in context, but I avoid attempts to declare one meaning or another “correct” or superior to others.

ACL (access control list)
A list of rules that allows or denies access to files and other objects. ACL is often used interchangeably with permissions, even though Windows and other ACLs differ from unix permissions in technically important ways: an ACL is an ordered list of allow and deny rules that can name arbitrary users and groups, whereas unix permissions are a fixed set of mode bits for owner, group, and everyone else, with no way to express an exception for one member of an allowed group without creating a new group.
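As an added example, not from the book, the following Python models the two semantics the ACL entry contrasts: a fixed set of unix mode bits checked by class (owner, group, other), versus an ordered list of allow/deny rules evaluated in the simplified Windows style, where the first matching deny rule fails the check and allow rules accumulate rights. The user and group names (alice, mallory, staff), the numeric ids, and the helper names unix_allows and acl_allows are assumptions made up for the illustration.

```python
"""Unix mode bits versus an ordered ACL (added illustrative example)."""
import stat
from dataclasses import dataclass

# --- Unix: a fixed set of mode bits, selected by the caller's class ----------
def unix_allows(mode, file_uid, file_gid, uid, gids, want):
    """Return True if a process (uid, gids) holds every right in `want`.

    `want` is a set drawn from {'r', 'w', 'x'}. Exactly one class applies:
    owner if uid matches, else group if the file's gid is in the process's
    groups, else other. (The root bypass is omitted for brevity.)
    """
    if uid == file_uid:
        bits = {'r': stat.S_IRUSR, 'w': stat.S_IWUSR, 'x': stat.S_IXUSR}
    elif file_gid in gids:
        bits = {'r': stat.S_IRGRP, 'w': stat.S_IWGRP, 'x': stat.S_IXGRP}
    else:
        bits = {'r': stat.S_IROTH, 'w': stat.S_IWOTH, 'x': stat.S_IXOTH}
    return all(bool(mode & bits[p]) for p in want)


# --- ACL: an ordered list of allow/deny entries naming users or groups -------
@dataclass(frozen=True)
class Ace:
    kind: str            # 'allow' or 'deny'
    trustee: str         # a user or group name (assumed; real ACLs use SIDs)
    rights: frozenset    # subset of {'r', 'w', 'x'}


def acl_allows(acl, principal, groups, want):
    """Simplified Windows-style access check over an ordered ACL.

    Entries are walked in list order. A deny entry that matches the caller
    and covers any right not yet granted fails the check; allow entries
    accumulate rights until every requested right has been granted.
    """
    identities = {principal, *groups}
    want = set(want)
    granted = set()
    for ace in acl:
        if ace.trustee not in identities:
            continue
        remaining = want - granted
        if not remaining:
            break
        if ace.kind == 'deny' and ace.rights & remaining:
            return False
        if ace.kind == 'allow':
            granted |= ace.rights & want
    return want <= granted


# Constructed sample: a file owned by uid 1000, group 'staff' (gid 50),
# mode 0o640 (owner rw, group r, other nothing).
FILE_UID, FILE_GID, FILE_MODE = 1000, 50, 0o640
ALICE_UID, MALLORY_UID, OUTSIDER_UID = 1001, 1002, 1003

# The same intent as an ACL, plus an exception unix mode bits cannot express:
# mallory is in 'staff' but must not read the file. Denies listed first is
# the canonical order Windows uses for explicit entries.
CANONICAL_ACL = [
    Ace('deny', 'mallory', frozenset({'r'})),
    Ace('allow', 'staff', frozenset({'r'})),
]
# Same entries, wrong order: the allow is reached before the deny.
NONCANONICAL_ACL = list(reversed(CANONICAL_ACL))


def compare():
    """Return the outcome of each check so the difference is visible."""
    return {
        'unix_alice_read': unix_allows(FILE_MODE, FILE_UID, FILE_GID, ALICE_UID, {50}, {'r'}),
        # mode bits cannot single out one group member, so mallory also reads
        'unix_mallory_read': unix_allows(FILE_MODE, FILE_UID, FILE_GID, MALLORY_UID, {50}, {'r'}),
        'unix_outsider_read': unix_allows(FILE_MODE, FILE_UID, FILE_GID, OUTSIDER_UID, {60}, {'r'}),
        'acl_alice_read': acl_allows(CANONICAL_ACL, 'alice', {'staff'}, {'r'}),
        'acl_mallory_read': acl_allows(CANONICAL_ACL, 'mallory', {'staff'}, {'r'}),
        # ordering is part of the semantics: the misordered list lets mallory in
        'acl_mallory_read_misordered': acl_allows(NONCANONICAL_ACL, 'mallory', {'staff'}, {'r'}),
    }


if __name__ == '__main__':
    for name, result in compare().items():
        print(f'{name}: {result}')
```

The last two results are the point of the entry: the list form can carve out an exception for one member of an allowed group, but only if the entries are in the right order, which is why ACL evaluation order (and tooling that canonicalizes it) is a security property in its own right.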
administrator
The most privileged account on a system, and specifically the name of the most privileged account on a Windows system. The text makes it clear from context when an issue is specific to a Windows design element or feature. Often used in the text interchangeably with “root,” the most privileged account on unix systems.
AINCAA
The properties violated by the STRIDE threats, in the same order as the threats: Spoofing violates Authentication, Tampering violates Integrity, Repudiation violates Non-repudiation, Information disclosure violates Confidentiality, Denial of service violates Availability, and Elevation of privilege violates Authorization.
AJAX (Asynchronous JavaScript and XML)
Generally, AJAX refers to a style of building websites (and the matching design of the back end) in which the page exchanges data with the server asynchronously rather than reloading on each request, giving a more fluid and interactive experience than pushing the Submit button and waiting for a new page.
Alice and Bob
Protagonists in cryptographic protocols since time immemorial, or perhaps since ...
